How to Install nmap Security Scanner on Windows XP

Installing the nmap security scanner on Windows XP is fairly easy. The easiest way is to download and run the stable-release executable linked from nmap's download page, which also shows which release is the latest.

Once the nmap.exe file is downloaded, double click it and choose a location to unpack the files. The easiest place is something like c:\nmap, or c:\cygwin\nmap if you have Cygwin installed. Note the location, because you will need to add it to your PATH so you can run nmap without first changing into the nmap directory.

To add the new directory to your PATH, follow the steps below.

Install Nmap, Network Mapper, On Windows XP:

Open My Computer Properties: Right click on “My Computer” and select Properties.

Edit Environment Variables: Click the Advanced tab in the “My Computer” properties window opened in step 1. At the bottom of the Advanced tab, click the “Environment Variables” button, which opens a new window.

Edit Path: In the second list, titled “System variables”, highlight the 6th option from the top, titled “Path”. With Path highlighted, click the Edit button to open the Path configuration, where you will see numerous entries separated by semicolons. Add the new path for nmap, such as “c:\nmap”, as another semicolon-separated entry. Below is what the second line of the Path configuration will look like.

Save Environment Variable Options: Click OK at the bottom of the “Edit System Variable” window, then OK at the bottom of Environment Variables, and finally OK at the bottom of “System Properties”.

Test nmap On Windows XP: If you have any command prompt windows open, close them; command prompts opened after this point will pick up the new “Path”. You can start by running a command like the one below against your router, which we will assume has an IP of “192.168.1.1”.

Above you will see there are four open ports, SSH, DOMAIN, HTTP, and HTTPS, on this Linksys WRT600N wireless router.

Now nmap is installed and can be a very useful security and network troubleshooting tool. If you want to learn more about the switches available from the CLI, just type nmap with no arguments at the command prompt, which prints the usage summary below.

List Of Nmap Switches/Options Available On Windows XP:


C:\>nmap

Nmap 4.76 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL : Input from list of hosts/networks
  -iR : Choose random targets
  --exclude : Exclude hosts/networks
  --excludefile : Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sP: Ping Scan - go no further than determining if host is online
  -PN: Treat all hosts as online -- skip host discovery
  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO [protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers : Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags : Customize TCP scan flags
  -sI : Idle scan
  -sO: IP protocol scan
  -b : FTP bounce scan
  --traceroute: Trace hop path to each host
  --reason: Display the reason a port is in a particular state
PORT SPECIFICATION AND SCAN ORDER:
  -p : Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports : Scan most common ports
  --port-ratio : Scan ports more common than
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity : Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=: is a comma separated list of directories, script-files or script-categories
  --script-args=: provide arguments to scripts
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take are in milliseconds, unless you append 's'
  (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T[0-5]: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup : Parallel host scan group sizes
  --min-parallelism/max-parallelism : Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout : Specifies
      probe round trip time.
  --max-retries : Caps number of port scan probe retransmissions.
  --host-timeout : Give up on target after this long
  --scan-delay/--max-scan-delay : Adjust delay between probes
  --min-rate : Send packets no slower than per second
  --max-rate : Send packets no faster than per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu : fragment packets (optionally w/given MTU)
  -D : Cloak a scan with decoys
  -S : Spoof source address
  -e : Use specified interface
  -g/--source-port : Use given port number
  --data-length : Append random data to sent packets
  --ip-options : Send packets with specified ip options
  --ttl : Set IP time-to-live field
  --spoof-mac : Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP checksum
OUTPUT:
  -oN/-oX/-oS/-oG : Output scan in normal, XML, s| and Grepable format, respectively, to the given filename.
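As an added example, not part of the original post, the following Python script shows how the router scan described earlier and the grepable (-oG) output format listed above fit together for troubleshooting: it parses -oG text and reports any open port that is not on an expected baseline, so a "what is my router exposing" check can be repeated after each firmware or configuration change. It assumes nmap was run as "nmap -oG - 192.168.1.1" (writing grepable output to standard output); the scan text embedded in the script is constructed to match the four open ports the post reports and is not real captured output, and the baseline set is an assumption for illustration.

```python
"""Parse nmap grepable (-oG) output and compare open ports with a baseline.

Added example; assumes nmap was invoked as:  nmap -oG - 192.168.1.1
The sample text below is constructed, not real captured output.
"""
import re

# Constructed stand-in for what the router scan in the post might produce:
# four open ports (ssh, domain, http, https) plus one closed port.
SAMPLE_GREPABLE = """\
# Nmap 4.76 scan initiated as: nmap -oG - 192.168.1.1
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, 80/open/tcp//http///, 443/open/tcp//https///, 23/closed/tcp//telnet///\tIgnored State: filtered (1710)
# Nmap done -- 1 IP address (1 host up) scanned in 3.12 seconds
"""

# Each "Ports:" entry is port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/")


def parse_grepable(text):
    """Return {host: [(port, proto, state, service), ...]} from -oG text."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines start with '#'
        fields = {}
        for chunk in line.split("\t"):  # tab-separated "Key: value" fields
            key, _, value = chunk.partition(":")
            fields[key.strip()] = value.strip()
        host = fields["Host"].split()[0]  # drop the "(hostname)" suffix
        entries = results.setdefault(host, [])
        if "Ports" not in fields:
            continue  # the "Status: Up" line carries no port list
        for entry in fields["Ports"].split(","):
            m = PORT_RE.match(entry.strip())
            if m:
                port, state, proto, _owner, service = m.groups()
                entries.append((int(port), proto, state, service))
    return results


def open_ports(text, host):
    """Sorted (port, proto, service) tuples reported open for one host."""
    return sorted((p, proto, svc)
                  for p, proto, state, svc in parse_grepable(text).get(host, [])
                  if state == "open")


def unexpected_open(text, host, baseline):
    """Open (port, proto) pairs that are not in the expected baseline set."""
    found = {(p, proto) for p, proto, _ in open_ports(text, host)}
    return sorted(found - set(baseline))


if __name__ == "__main__":
    router = "192.168.1.1"
    # Assumed baseline: the services the owner expects on the LAN side.
    expected = {(22, "tcp"), (53, "tcp"), (80, "tcp"), (443, "tcp")}
    for port, proto, svc in open_ports(SAMPLE_GREPABLE, router):
        print(f"{port}/{proto} open ({svc})")
    extra = unexpected_open(SAMPLE_GREPABLE, router, expected)
    print("unexpected open ports:", extra or "none")
```

To use it against a real scan, redirect nmap's grepable output to a file (or pipe it in) and pass the text to open_ports or unexpected_open; anything the baseline does not list is the thing worth investigating, since a newly open port on a router usually means a changed setting or a service that was not meant to be reachable.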

Once you are familiar with nmap you will find yourself using it all the time. Nmap is a very useful security tool that can be used to troubleshoot all sorts of technical issues no matter the operating system you are using.